On 19.02.2015 at 14:11, John wrote:
On 2/19/2015 7:48 AM, li...@rhsoft.net wrote:
On 19.02.2015 at 13:30, John wrote:
On 2/19/2015 6:35 AM, li...@rhsoft.net wrote:
On 19.02.2015 at 12:32, John wrote:
On 2/16/2015 10:29 PM, Viktor Dukhovni wrote:
smtp_tls_cert_file = /root/ssl/certs/$mydomain.mail.pem
smtp_tls_key_file = /root/ssl/private/$mydomain.mail.key
Are there any destinations for which you need client certs to gain
access?  If not, set these empty.

I thought these were needed for TLS.
I must be a /little/ confused. Is it the sender or the receiver that
initiates TLS?
From your comment to remove them, it must be the receiver, correct?

that's not the point

smtp_ settings are client
normally the client doesn't need a cert for TLS
your browser and mail-client don't use one either
Hmmm. How does this affect Submission?

what did you not understand in "smtp_ settings are client"?

postfix smtp client = OUTBOUND mail and with all respect *that* is basic
knowledge when you touch "main.cf" and in general don't change
settings you obviously have no clue what they are doing

DON'T get snarky and yell at me, I am trying to understand something
here!!!

http://www.postfix.org/postconf.5.html#smtp_tls_cert_file

that would be the start and contains "Do not configure client certificates unless you must present client TLS certificates to one or more servers. Client certificates are not usually needed, and can cause problems in configurations that work well without them"

there is a dedicated anchor link for *any* postfix setting in the docs

I think I got a little confused when Viktor used the term client. Not
his fault; I was thinking in terms of the client being the writer of the
email using a MUA. Up until then I thought that smtp was for sending
between MTAs, and that smtpd was for receiving both from MTAs and MUAs.
The main difference being that /good/ practice is that MTAs use port 25
and MUAs use 587.

it's way simpler to express:

* smtpd: accepting inbound connections (server)
* smtp: make outbound connections (client)
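
An added illustration, not part of the thread and not Postfix tooling: a small Python check over main.cf text that sorts TLS parameters into server (smtpd_) and client (smtp_) by prefix and flags client certificate settings that are non-empty. The sample file, its example.org domain and the /etc/postfix/tls paths are constructed; only the two smtp_tls_* lines come from the message above.

```python
import re

# Constructed main.cf sample; only the two smtp_tls_*_file lines are from the thread.
SAMPLE_MAIN_CF = """\
# constructed sample
mydomain = example.org
smtp_tls_cert_file = /root/ssl/certs/$mydomain.mail.pem
smtp_tls_key_file = /root/ssl/private/$mydomain.mail.key
smtp_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/tls/server.pem
smtpd_tls_key_file =
    /etc/postfix/tls/server.key
"""

CLIENT_CERT_PARAMS = ("smtp_tls_cert_file", "smtp_tls_key_file")

def parse_main_cf(text):
    """Parse main.cf text into {name: value}; a later setting overrides an earlier one."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comment lines are ignored
        if line[0].isspace() and current:  # leading whitespace continues the previous value
            params[current] = (params[current] + " " + line.strip()).strip()
            continue
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if m:
            current = m.group(1)
            params[current] = m.group(2).strip()
    return params

def role(name):
    """smtpd_* is the server (inbound) side, smtp_* the client (outbound) side."""
    return "server" if name.startswith("smtpd_") else "client" if name.startswith("smtp_") else "other"

def audit(text):
    """Return (TLS parameter names grouped by role, client cert parameters set non-empty)."""
    params = parse_main_cf(text)
    by_role = {"client": [], "server": []}
    for name in params:
        if "_tls_" in name and role(name) in by_role:
            by_role[role(name)].append(name)
    flagged = [p for p in CLIENT_CERT_PARAMS if params.get(p)]
    return by_role, flagged

if __name__ == "__main__":
    by_role, flagged = audit(SAMPLE_MAIN_CF)
    print(by_role)
    for p in flagged:
        print(f"{p} is set: leave empty unless a destination requires a client cert")
```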
